The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
McAfee VirusScan: program execution by naPrdMgr.exe
Synthesis of the vulnerability
An attacker can store a program on the system so that naPrdMgr.exe runs it.
Vulnerable products: CheckPoint SecureClient, CheckPoint SecuRemote, VPN-1, Kaspersky AV, VirusScan, Windows 2000, Windows NT.
Severity of this weakness: 1/4.
Consequences of an attack: administrator access/rights.
Hacker's origin: user shell.
Creation date: 23/12/2005.
References of this bulletin: BID-16040, CVE-2005-4505, VIGILANCE-VUL-5448.
Description of the vulnerability
The naPrdMgr.exe program periodically runs, with Local System rights:
C:\Program Files\Network Associates\VirusScan\EntVUtil.EXE
However, this path is not enclosed in quotes. When permissions allow it, an attacker can thus create a program with a short name:
This program is then run with system rights.
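The following audit helper is an added example, not code from the bulletin or from the vendor. It assumes the path is launched through the Windows CreateProcess command-line resolution (no separate application name), which tries each space-delimited prefix in order and appends ".exe" when the file name has no extension; the function names are hypothetical. It lists the locations an administrator should confirm are absent and not creatable by unprivileged users, and shows that the quoted form resolves to a single image.

```python
import ntpath

def _with_exe(path):
    # CreateProcess appends ".exe" when the file name has no extension.
    _, ext = ntpath.splitext(path)
    return path if ext else path + ".exe"

def candidate_images(command_line):
    """Ordered image paths tried for a command line given without an
    explicit application name (documented CreateProcess behaviour)."""
    cmd = command_line.strip()
    if cmd.startswith('"'):
        # A quoted image path is unambiguous: exactly one candidate.
        end = cmd.find('"', 1)
        return [cmd[1:end] if end != -1 else cmd[1:]]
    out = []
    pos = cmd.find(" ")
    while pos != -1:
        if cmd[pos - 1] != " ":          # ignore runs of spaces
            out.append(_with_exe(cmd[:pos]))
        pos = cmd.find(" ", pos + 1)
    out.append(_with_exe(cmd))
    return out

def paths_to_audit(image_path):
    """Candidates tried before the intended image. None of them should
    exist, and unprivileged users must not be able to create them."""
    return candidate_images(image_path)[:-1]

# Path quoted in the bulletin.
BULLETIN_PATH = r"C:\Program Files\Network Associates\VirusScan\EntVUtil.EXE"

if __name__ == "__main__":
    for p in paths_to_audit(BULLETIN_PATH):
        print("check absent / not creatable:", p)
    print("quoted form resolves to:", candidate_images('"%s"' % BULLETIN_PATH))
```

On a host, each returned path can be checked for existence and its parent directory's ACL reviewed; quoting the path at the call site removes the ambiguity entirely.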